- 0 Posts
- 114 Comments
Triggered me to do a quick check:
Their privacy policy looks alright; and while I don’t like ads, they are gone in the minimum donation package of just 1 EUR, I think I did that just shortly after I started using them. https://www.lonelycatgames.com/docs/xplore/privacy - all the other parts seem privacy respecting, and the company is based in Slovakia, so has to respect GDPR by default. Website looks very dated and some of the other software has been abandoned a while ago, but they clearly state that and offer it as-is. Funny enough, I’ve also been using Disk Map for ages and never realized it’s from the same developer.
Yeah it does. Adobe has a lot of active script support, including java script for example, which can be exploited. If a software can’t interpret those scripts at all and simply displays plain text, that means malware won’t be executed.
And since Adobe Acrobat / Acrobat Reader are the most common pdf viewers out there, they are a natural target for hackers as well.
Woah, I never knew Hypatia is part of the Divest team. Here I thought I was unaffected by the shutdown… I wonder if they’ll keep the av updates coming, since they are provided by ClamAV.
Edit: Looks like the script that converts clamav to hypatia compatible packages is public, I’m tempted to run it myself and host the files on my own server. That way I can just set the database override link within the app to my domain and done.
https://codeberg.org/divested-mobile/hypatia/src/branch/stable/scripts/Main.java
You can bypass this crap, but you’ll need to root your phone to achieve that.
Afterwards you’ll need to install magisk (superuser app) and a bunch of plugins: play integrity fix and playcurl_next (to simulate that your phone is unrooted), and then FlagSecurePatcher (which is the actual module that’s overriding the screenshot block.
My primary use case was magisk to enable taking screenshots from otherwise protected apps. Was living in China for almost 7 years, and even though I speak it quite alright, reading is a whole other level. And there are quite a few apps there that I had to use on a regular basis that had this damned flag_secure enabled so I couldn’t otherwise take screenshots to run them through a translation app.
The second one was system level adblock, since the alternative is for adblockers to install themselves as local VPNs routing traffic to 127.0.0.1; however being in China meant I actually had to use a real VPN to access the free internet, and I certainly didn’t want to choose between ads or privacy. The latter still applies; I’m using a VPN on most days.
Lastly, being able to use magisk also gives me access to some advanced security apps such as Hibernator (freezes apps, meaning they are basically uninstalled and reactivated on press, so they can’t use data, don’t get updated etc.), Storage Isolation (lets you configure on a per-app basis which folders it might access), App Ops (advanced permission management, which also includes an ignore function that acts like as if a certain permission was granted, but would feed random data or zeros to the app).
Being able to uninstall everything including system apps is also nice, though that can still be achieved with adb. Browsing root folders when looking for specific data is also nice, but I used that twice in about 5 years, so it’s probably not essential.
With playcurl next I didn’t experience any issues yet, it’s polling a new device fingerprint every couple minutes to make sure your device never ends up on a blocklist, and you can trigger this manually in the magisk app as well.
Can’t guarantee it’s never going to be blocked if Google changes the algorithm, but that would just mean they have to adjust the fingerprinting as well.
Nah you can easily bypass play integrity on a rooted phone, see my comment above.
With a rooted phone you can install Zygisk (magisk + zygote) and then a bunch of modules that simulate system integrity.
What you need are “play integrity fix” and “playcurl_NEXT”.
The first module lets you bypass the google play integrity check, the second one will download updated integrity fingerprint files every 5 minutes to ensure that the bypass never fails.
If you know how to install custom ROMs, this part is not a big challenge.
Sounds more like you never dealt with them. I’m German, we still got plenty of ideologically challenged individuals in country, and they are not stupid.
No idea what a glowie is, but those trump worshiping clowns you got in the US aren’t the people I’m worried about. Over here there is no discernible education gap between left and right wing.
There’s an app called Cheq, which is a means for foreigners to buy stuff in India using their QR payment system, that’s normally restricted for citizens only.
Follow the link on https://cheq.money to the correct version for your phone, there are a bunch of other apps and service providers piggybacking off of the name.
They’ll charge you a sign-on fee of 999 Rupees (about 10 bucks), I’d suggest you use a virtual credit card from wise.com or something for that. I inherently distrust random online shops in third world countries. Once you’ve done that, they ask for your location to perform an in-person ID verification to make sure you actually live in India.
That’s the point where you choose a random location out in the sticks. Say Lemru town in Chhattisgarh State or something - you might try a few until you find something where they show you a local account manager but no physical shop to perform the activation. That part is key.
Contact the account manager via whatsapp (can be registered with your regular phone number, the service is aimed at tourists and foreign residents alike). Normally they are supposed to come visit you, but they can’t be bothered to drive 3h to see you, especially if you press it a bit and call it urgent. Eventually they’ll just ask to send a passport copy directly to them, and they’ll activate it remotely.
You can then use a VPN to set your play store (should work for Apple store as well) country to India, enter a random address there, select “UPI” as payment method, and open the Cheq app when prompted. After a couple hours you’ll get an email that your play store country has been changed, and from then on you can use Cheq to buy stuff for cheap. Top up the balance with virtual cards whenever needed, you can’t use non-indian credit cards directly in google play. You can however buy gift cards on amazon.in with them, have the code send to yourself and redeem it, that works without problems.
Waze has speed trap warnings. They don’t have anything else (and were also bought out by Google), but for navigation, it rocks.